Information security: when only a thorough overhaul will do

Organisations need to take a holistic information security approach and that can mean overhauling systems rather than tinkering under the hood, Sean Hargrave discovers.

The issue many organisations have to confront is that their IT systems are not always designed for today’s high-risk information security environment, because they may well have been designed when the threat level was much lower.

In such cases, information security and risk expert Jitender Arora believes that simply adding a new piece of software or tinkering with infrastructure may not be enough. As the risk to information security rises, in many instances a more radical overhaul is needed.

“A lot of organisations find themselves with the equivalent of a ten-year-old car that used to be sufficient for everyday motoring but isn’t up to the rallying standards you need today,” he explains.

“By just making small alterations you can give it a better paint job or change the spark plugs but the fundamental problem is you need a car that is fit for what is now required of it.”

Changing IT security inside, and out

For businesses considering a root-and-branch review of their IT security, which may well have been prompted by an audit or new regulation, Arora advises that a holistic approach is taken. It is not enough, he insists, to secure one part of an organisation without paying attention to the rest of its IT footprint.

“The threats are both internal and external and so you need to take a holistic approach,” he advises.

“You can’t secure most of your infrastructure and then leave legacy applications still running unchecked because a cyber criminal will simply get in through the easiest point of access. So the approach has to be holistic and rely on what is called zero trust, which means you don’t assume everyone inside your network is trustworthy.”

Museum lessons

To use an analogy of what organisations should be aiming for, Arora believes the best picture to conjure up is a museum.

“You need good security at each door and on each level but you have to accept that a breach may still happen, it’s just life,” he says.

“For that reason you then bring together your most valued assets, the things you can’t do business without or you couldn’t imagine leaking to a rival or a criminal, and place your greatest security there.

“If you go into any museum you’ll often find the most valuable pieces are collected together in a room where they are protected by thick glass and sophisticated alarms. You can’t afford this approach everywhere so you deploy it where it’s most needed.”